Attribute-Based Access Control
ABAC makes access decisions by evaluating attributes of the user, the resource, the action, and the environment against policies. For example, a rule might allow access only if the user is in the finance department, on a managed device, and during business hours. It is more flexible than role-based control but harder to design and audit.